﻿Imports System.Data.SqlClient
Imports System.Data
Partial Class addcomment
    Inherits System.Web.UI.Page

    Protected Sub Page_Load(sender As Object, e As System.EventArgs) Handles Me.Load
        Dim command As SqlCommand
        Dim queryString As String

        Dim strClientIP As String
        strClientIP = Request.UserHostAddress()

        Dim conn As New SqlConnection("Data Source=sql.bluetonemedia.com;Initial Catalog=BlueToneMediaDB;Persist Security Info=True;User ID=BTMWiz;Password=esquel4ma@gic")

        queryString = "INSERT INTO Comments (CompanyID, AuthorID, Comment, AuthorIP, SiteID, Type, Visible) VALUES (@companyid, '40284', @comment, '" & strClientIP & "', @siteid, 'customer rating comment', 'True')"


        command = New SqlCommand(queryString, conn)

        command.Parameters.Add(New SqlParameter("@companyid", SqlDbType.Int, 11))
        command.Parameters("@companyid").Value = Request.QueryString("companyid")
        command.Parameters.Add(New SqlParameter("@comment", SqlDbType.NVarChar, 4000))
        command.Parameters("@comment").Value = Request.QueryString("comment")
        command.Parameters.Add(New SqlParameter("@siteid", SqlDbType.Int, 11))
        command.Parameters("@siteid").Value = Request.QueryString("siteid")

        command.Connection.Open()
        command.ExecuteNonQuery()
        command.Connection.Close()


        Response.Redirect("display.htm")

    End Sub
End Class
